Bug
Resolution: Unresolved
rhel-10.1
rhel-security-crypto
aarch64
What were you trying to do that didn't work?
Attempting to build the libxcrypt package (libxcrypt-4.4.36-11.el10). The build fails during the %install phase while running fipshmac to generate integrity checksums.
What is the impact of this issue to you?
Unable to successfully build the libxcrypt package for RHEL/CentOS Stream 10 in the standard Mock/Koji build environment.
Please provide the package NVR for which the bug is seen:
libxcrypt-4.4.36-11.el10
How reproducible is this bug?:
Always (100% in restricted build containers)
Steps to reproduce
- Trigger an RPM build of libxcrypt.spec in a restricted build environment (like Koji or Mock using systemd-nspawn).
- Wait for the build to reach the %install phase.
- Observe the failure when fipshmac is executed.
Expected results
The build should complete successfully, with fipshmac either generating the checksums or falling back gracefully if the kernel crypto API is unavailable.
Actual results
The build fails during the %install section with the following error:
```
+ fipshmac -d /builddir/build/BUILDROOT/libxcrypt-4.4.36-11.el10.aarch64/usr/lib64/fipscheck /builddir/build/BUILDROOT/libxcrypt-4.4.36-11.el10.aarch64/usr/lib64/libcrypt.so.2.0.0
Allocation of hmac(sha256) cipher failed (ret=-111)
RPM build errors:
Bad exit status from /var/tmp/rpm-tmp.8NYZf8 (%install)
```
The error `ret=-111` (ECONNREFUSED) indicates that the fipshmac tool attempted to create an AF_ALG socket to use the kernel's crypto primitives but was blocked by the container environment (seccomp or missing kernel modules on the host).
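
The following Python example, added here and not taken from the report or from fipshmac, computes HMAC-SHA256 over an AF_ALG socket and, when the kernel crypto API is refused as in the log above, records the errno name and falls back to a userspace HMAC. The key, sample data and function names are constructed for illustration, and whether a userspace fallback is acceptable for FIPS integrity files is an assumption.

```python
import errno
import hashlib
import hmac
import socket


def af_alg_hmac_sha256(key: bytes, data: bytes) -> bytes:
    """HMAC-SHA256 via the kernel crypto API; raises OSError if AF_ALG is unusable."""
    family = getattr(socket, "AF_ALG", None)
    if family is None:  # non-Linux platform or Python built without AF_ALG
        raise OSError(errno.EAFNOSUPPORT, "AF_ALG not available")
    # socket()/bind() are the calls a seccomp filter or a missing kernel
    # module turns into an error inside a restricted build container.
    with socket.socket(family, socket.SOCK_SEQPACKET, 0) as alg:
        alg.bind(("hash", "hmac(sha256)"))
        alg.setsockopt(socket.SOL_ALG, socket.ALG_SET_KEY, key)
        op, _ = alg.accept()
        with op:
            op.sendall(data)
            return op.recv(32)  # SHA-256 digest length


def hmac_sha256(key: bytes, data: bytes, kernel_hmac=af_alg_hmac_sha256):
    """Return (hexdigest, backend, errno_name_or_None).

    Tries the kernel first; on any OSError (e.g. ECONNREFUSED, errno 111)
    it reports the errno name and computes the same HMAC in userspace.
    """
    try:
        return kernel_hmac(key, data).hex(), "af_alg", None
    except OSError as exc:
        reason = errno.errorcode.get(exc.errno, str(exc.errno))
        digest = hmac.new(key, data, hashlib.sha256).hexdigest()
        return digest, "userspace", reason


if __name__ == "__main__":
    # Constructed sample input, not the key or file fipshmac uses.
    sample_key = b"constructed-example-key"
    sample_data = b"constructed stand-in for libcrypt.so.2.0.0 contents"
    digest, backend, reason = hmac_sha256(sample_key, sample_data)
    print(f"backend={backend} errno={reason} hmac={digest}")
```

Running it inside the same Mock or systemd-nspawn chroot as the failing build shows whether AF_ALG is reachable there and which errno the environment returns.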